Docker UCLUG 5/13/2014

The topic was Docker … Docker is based on the concept of containers .. no necessarily the LXE containers (akin to Solaris zones), although the docker containers will run within LXE containers, basically docker is described as chroot on steroids.

The minimum basis for a docker container is the bare minimum libraries required to run a Linux distribution (probably version close to a net install). So I downloaded the base fedora docker image – about 250 MB … it booted up in docker in about 3 seconds.

The idea is that you start with one of these base images, yum install all required packages to run your app. For example, for a simple wordpress website container, you may install apache, php, mysql. You do a docker commit to save your changes. The changes get saved as a separate layer.

So my understanding of the internals of docker is that when you boot a docker image, the base image plus all layers get joined together via unionfs http://en.wikipedia.org/wiki/UnionFS, and then the linux system invokes a chroot to that unionfs mount and invokes the normal system startup as if it was a stand alone machine. Almost a virtual machine, but it does not run a separate kernel. Essentially you can pull down the base ubuntu image and run Ubuntu linux on top of Fedora. In addition, there are settings that control CPU/Memory affinity for each container as well as some SDN (software defined networking) components that allow you to control how one container can communicate with other containers and/or back to/from the host machine. So you can expose port 80/443 running in a container to the host machine (and out to the network)

Unlike a virtual machine where you may want to duplicate a base “machine” to use it as the basis for several different applications, you can build several docker containers, all with their own unique purposes, based on the same fedora base image.

CONTAINER_A : APACHE/PHP stack
CONTAINER_B : MySQL DB

Unlike a virtual machine clone where you are duplicating the total OS, with docker, CONTAINER_A and CONTAINER_B (as well as all other containers built off the same base image) all reference back to the same base fedora image and then just apply their own individual layers representing the deltas.